sag
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation process involves adding a third-party Homebrew tap ('steipete/tap/sag') and installing the 'sag' formula. This source is not on the list of trusted vendors or organizations, representing an unverified external dependency.\n- [COMMAND_EXECUTION]: The skill executes the 'sag' CLI binary to process text and produce audio. This involves running code on the host system with the ability to generate files (e.g., in '/tmp') and interact with audio hardware.\n- [PROMPT_INJECTION]: The skill takes arbitrary text input from the agent's context and passes it to the 'sag' command, creating a surface for indirect prompt injection via the synthesized speech.\n
- Ingestion points: Text strings provided to the 'sag' command within the 'SKILL.md' examples.\n
- Boundary markers: None present to distinguish instructions from content.\n
- Capability inventory: System command execution via the 'sag' binary.\n
- Sanitization: No input validation or filtering of synthesis text is performed.
Audit Metadata